CCI-001372

When transferring information between different security domains, implement organization-defined security or privacy policy filters requiring fully enumerated formats that restrict data structure and content.

Implementation Guidance

Determine if: - when transferring information between different security domains, implemented [AC-04(14)_ODP[01]; security policy filters to be implemented that require fully enumerated formats restricting data structure and content have been defined] require fully enumerated formats that restrict data structure and content. - when transferring information between different security domains, implemented [AC-04(14)_ODP[02]; privacy policy filters to be implemented that require fully enumerated formats restricting data structure and content are defined] require fully enumerated formats that restrict data structure and content.

Validation Procedures

Examine: [SELECT FROM: Access control policy; information flow control policies; procedures addressing information flow enforcement; system design documentation; system configuration settings and associated documentation; list of security and privacy policy filters; list of data structure policy filters; list of data content policy filters; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; system developers]. Test: [SELECT FROM: Mechanisms implementing information flow enforcement policy; security and privacy policy filters].

The controls below (if any) were marked by NIST as being related to CCI-001372.